diff --git a/modules/webstack.nix b/modules/webstack.nix index 31c4a98..81ad970 100644 --- a/modules/webstack.nix +++ b/modules/webstack.nix @@ -15,11 +15,7 @@ sslDhparam = "/var/lib/dhparams/nginx.pem"; commonHttpConfig = '' # Add HSTS header with preloading to HTTPS requests. - # Adding this header to HTTP requests is discouraged - map $scheme $hsts_header { - https "max-age=31536000; includeSubdomains; preload"; - } - add_header Strict-Transport-Security $hsts_header; + add_header Strict-Transport-Security "max-age=31536000; includeSubdomains"; # Minimize information leaked to other domains add_header 'Referrer-Policy' 'origin-when-cross-origin'; @@ -45,7 +41,14 @@ "rewrite ^/gitea/(.*)$ https://git.coolneng.duckdns.org/$1 last;"; "/miniflux/".extraConfig = "rewrite ^/miniflux/(.*)$ https://rss.coolneng.duckdns.org/$1 last;"; - "/.well-known/".alias = "${../well-known}" + "/"; + "/.well-known/" = { + alias = "${../well-known}" + "/"; + extraConfig = '' + ${config.services.nginx.commonHttpConfig} + add_header Access-Control-Allow-Origin '*'; + add_header Content-Type application/json; + ''; + }; }; }; "radicale.coolneng.duckdns.org" = { diff --git a/well-known/matrix/client b/well-known/matrix/client new file mode 100644 index 0000000..061cda1 --- /dev/null +++ b/well-known/matrix/client @@ -0,0 +1,8 @@ +{ + "m.homeserver": { + "base_url": "https://matrix.coolneng.duckdns.org" + }, + "m.identity_server": { + "base_url": "https://vector.im" + } +}